Abstract: In this paper, we further develop the coordination control scheme for discrete-event systems based on the Ramadge-Wonham framework. The notions of conditional decomposability, conditional controllability, and conditional closedness are revised and simplified, supremal conditionally controllable sublanguages of general non-prefix-closed languages are discussed, and a procedure for the computation of a coordinator for nonblockingness is presented.

1. INTRODUCTION

A distributed discrete-event system with synchronous communication is modeled as a parallel composition of two or more subsystems. Each subsystem has its own observation channel. The local control synthesis then consists in synthesizing local nonblocking supervisors for each subsystem.

Recently, Komenda and van Schuppen (2008) have proposed a coordination control architecture as a trade-off between the purely local control synthesis, which does not work in general, and the global control synthesis, which is not always possible because of complexity reasons. The coordination control approach has been developed for prefix-closed languages in Komenda et al. (2011b, 2012b) and partially discussed for non-prefix-closed languages in Komenda et al. (2011a). A coordination control plug-in handling the case of prefix-closed languages has recently been implemented for libFAUDES, see Moor et al. (2012).

In this paper, we further develop the coordination control scheme for discrete-event systems based on the Ramadge-Wonham framework. The notions of conditional decomposability, conditional controllability, and conditional closedness are revised and simplified, supremal conditionally controllable sublanguages of general non-prefix-closed languages are discussed, and a procedure for the computation of a coordinator for nonblockingness is presented.

The paper is organized as follows. Section 2 recalls the basic theory and revises the basic concepts. Section 3 formulates the problem of coordination supervisory control. Section 4 provides new results concerning non-prefix-closed languages, and Section 5 discusses the construction of a nonblocking coordinator. Section 6 revises the prefix-closed case, and Section 7 concludes the paper.

2. PRELIMINARIES AND DEFINITIONS 

In this paper, we assume that the reader is familiar with supervisory control of discrete-event systems, where discrete-event systems are modeled as deterministic finite automata with partial transition functions, see Cassandras and Lafortune (2008).

Let $E$ be a finite, nonempty set (of events), then $E^*$ denotes the set of all finite words over $E$; the empty word is denoted by $\varepsilon$. A generator over $E$ is a construct $G = (Q, E, f, q_0, Q_m)$, where $Q$ is a finite set of states, $f : Q \times E \to Q$ is a partial transition function, $q_0 \in Q$ is the initial state, and $Q_m \subseteq Q$ is the set of marked states. In the usual way, $f$ can be extended to a function from $Q \times E^*$ to $Q$ by induction. The behavior of $G$ is described in terms of languages. The language generated by $G$ is the set $L(G) = \{s \in E^* \mid f(q_0, s) \in Q\}$, and the language marked by $G$ is the set $L_m(G) = \{s \in E^* \mid f(q_0, s) \in Q_m\}$.

We restrict our attention to regular languages. A (regular) language $L$ over $E$ is a set $L \subseteq E^*$ such that there exists a generator $G$ with $L_m(G) = L$. The prefix closure of $L$ is the set $\overline{L} = \{w \in E^* \mid \exists u \in E^*,\ wu \in L\}$; $L$ is prefix-closed if $L = \overline{L}$.

A controlled generator over $E$ is a structure $(G, E_c, \Gamma)$, where $G$ is a generator over $E$, $E_c \subseteq E$ is the set of controllable events, $E_u = E \setminus E_c$ is the set of uncontrollable events, and $\Gamma = \{\gamma \subseteq E \mid E_u \subseteq \gamma\}$ is a set of control patterns. A supervisor for the controlled generator $(G, E_c, \Gamma)$ is a map $S : L(G) \to \Gamma$. The closed-loop system associated with the controlled generator $(G, E_c, \Gamma)$ and the supervisor $S$ is defined as the minimal language $L(S/G)$ such that (i) $\varepsilon \in L(S/G)$, and (ii) if $s \in L(S/G)$, $sa \in L(G)$, and $a \in S(s)$, then $sa \in L(S/G)$. We define $L_m(S/G) = L(S/G) \cap L_m(G)$. The supervisor disables transitions of $G$, but it cannot disable a transition with an uncontrollable event. If the closed-loop system is nonblocking, i.e., $\overline{L_m(S/G)} = L(S/G)$, then the supervisor $S$ is called nonblocking.

Given a specification language $K$, the control objective of supervisory control is to find a nonblocking supervisor $S$ so that $L_m(S/G) = K$. For the monolithic case, such a supervisor exists if and only if $K$ is controllable with respect to $L(G)$ and $E_u$, that is, $\overline{K} E_u \cap L \subseteq \overline{K}$, and $K$ is $L_m(G)$-closed, that is, $K = \overline{K} \cap L_m(G)$. For uncontrollable specifications, controllable sublanguages are considered. In this paper, $\mathrm{supC}(K, L, E_u)$ denotes the supremal controllable sublanguage of $K$ with respect to $L$ and $E_u$, which always exists and equals the union of all controllable sublanguages of $K$, see Wonham (2011).

A projection $P : E^* \to E_0^*$, $E_0 \subseteq E$, is a homomorphism defined so that $P(a) = \varepsilon$, for $a \in E \setminus E_0$, and $P(a) = a$, for $a \in E_0$. The inverse image of $P$ is denoted by $P^{-1} : E_0^* \to 2^{E^*}$. For $E_i, E_j, E_\ell \subseteq E$, we use the notation $P_\ell^{i+j}$ to denote the projection from $(E_i \cup E_j)^*$ to $E_\ell^*$. If $E_i \cup E_j = E$, we write only $P_\ell$. Moreover, $E_{i,u} = E_i \cap E_u$ denotes the sets of locally uncontrollable events.

The synchronous product of languages $L_1 \subseteq E_1^*$ and $L_2 \subseteq E_2^*$ is defined by $L_1 \| L_2 = P_1^{-1}(L_1) \cap P_2^{-1}(L_2) \subseteq (E_1 \cup E_2)^*$, where $P_i : (E_1 \cup E_2)^* \to E_i^*$, $i = 1,2$, are projections. For generators $G_1$ and $G_2$, the definition can be found in Cassandras and Lafortune (2008). It holds that $L(G_1 \| G_2) = L(G_1) \| L(G_2)$ and $L_m(G_1 \| G_2) = L_m(G_1) \| L_m(G_2)$. In the automata framework, where the supervisor $S$ has a finite representation as a generator, the closed-loop system is a synchronous product of the supervisor and the plant. Thus, we can write $L(S/G) = L(S) \| L(G)$.

Generators $G_1$ and $G_2$ are conditionally independent with respect to a generator $G_k$ if $E_r(G_1 \| G_2) \cap E_r(G_1) \cap E_r(G_2) \subseteq E_r(G_k)$, where for a generator $G$ over $E$, $E_r(G) = \{a \in E \mid \exists u, v \in E^*,\ uav \in L(G)\}$ is the set of all events appearing in words of $L(G)$. In other words, there is no simultaneous move in both $G_1$ and $G_2$ without the coordinator $G_k$ being also involved. From the practical viewpoint, we omit the element $E_r(G_1 \| G_2)$ because we do not want to compute the global plant $G_1 \| G_2$.

Now, the notion of decomposability is weakened. Moreover, it is simplified in comparison with our previous work, see Komenda et al. (2012b), but still equivalent. A language $K$ is conditionally decomposable with respect to event sets $E_1$, $E_2$, $E_k$ if $K = P_{1+k}(K) \| P_{2+k}(K)$. There always exists an extension of $E_k$ which satisfies the condition. The question which extension should be used (the minimal one?) requires further investigation. Polynomial-time algorithms for checking the condition and extending the event set are discussed in Komenda et al. (2012a).

Languages $K$ and $L$ are synchronously nonconflicting if $\overline{K \| L} = \overline{K} \| \overline{L}$. Note that if $\overline{K}$ is conditionally decomposable, then the languages $P_{1+k}(K)$ and $P_{2+k}(K)$ are synchronously nonconflicting because $\overline{K} \subseteq \overline{P_{1+k}(K) \| P_{2+k}(K)} \subseteq \overline{P_{1+k}(K)} \| \overline{P_{2+k}(K)} = \overline{K}$. The following example shows that there is no relation between the conditional decomposability of $K$ and $\overline{K}$ in general.

Example 1. Let $E_1 = \{a_1, b_1, a, b\}$, $E_2 = \{a_2, b_2, a, b\}$, $E_k = \{a, b\}$ be event sets, and let $K = \{a_1 a_2 a, a_2 a_1 a, b_1 b_2 b, b_2 b_1 b\}$. Then, $P_{1+k}(K) = \{a_1 a, b_1 b\}$, $P_{2+k}(K) = \{a_2 a, b_2 b\}$, and $K = P_{1+k}(K) \| P_{2+k}(K)$. Notice that $a_1 b_2 \in \overline{P_{1+k}(K)} \| \overline{P_{2+k}(K)}$, but $a_1 b_2 \notin \overline{K}$, which means that $\overline{K}$ is not conditionally decomposable. On the other hand, consider the language $L = \{\varepsilon, ab, ba, abc, bac\} \subseteq \{a, b, c\}^*$ with $E_1 = \{a, c\}$, $E_2 = \{b, c\}$, $E_k = \{c\}$. Then, $\overline{L} = P_{1+k}(\overline{L}) \| P_{2+k}(\overline{L}) = P_{1+k}(L) \| P_{2+k}(L)$, and it is obvious that $L \neq \overline{L}$. $\triangleleft$

3. COORDINATION CONTROL SYNTHESIS 

In this section, we formulate the coordination control problem and revise the necessary and sufficient conditions of Komenda et al. (2011a,b, 2012b) under which the problem is solvable.

Problem 2. Consider generators $G_1$, $G_2$ over $E_1$, $E_2$, respectively, and a coordinator $G_k$ over $E_k$. Let $K \subseteq L_m(G_1 \| G_2 \| G_k)$ be a specification. Assume that generators $G_1$ and $G_2$ are conditionally independent with respect to the coordinator $G_k$, and that the specification language $K$ and its prefix-closure $\overline{K}$ are conditionally decomposable with respect to $E_1$, $E_2$, $E_k$. The aim of the coordination control synthesis is to determine nonblocking supervisors $S_1$, $S_2$, $S_k$ for the respective generators such that $L_m(S_k/G_k) \subseteq P_k(K)$, $L_m(S_i/[G_i \| (S_k/G_k)]) \subseteq P_{i+k}(K)$, for $i = 1,2$, and the closed-loop system with the coordinator satisfies

$$L_m(S_1/[G_1 \| (S_k/G_k)]) \,\|\, L_m(S_2/[G_2 \| (S_k/G_k)]) = K.$$

$\diamond$

Note that then $L(S_1/[G_1 \| (S_k/G_k)]) \| L(S_2/[G_2 \| (S_k/G_k)]) = \overline{K}$ because $\overline{K} = \overline{L_m(S_1/[G_1 \| (S_k/G_k)]) \| L_m(S_2/[G_2 \| (S_k/G_k)])} \subseteq L(S_1/[G_1 \| (S_k/G_k)]) \| L(S_2/[G_2 \| (S_k/G_k)]) \subseteq \overline{K}$, and if such supervisors exist, their synchronous product is a nonblocking supervisor for the global plant, cf. Komenda et al. (2011a).

One possible method for constructing a suitable coordinator $G_k$ has been discussed in the literature, see Komenda et al. (2011a,b, 2012b).

Algorithm 1. (Construction of a coordinator). Let $G_1$ and $G_2$ be two subsystems over $E_1$ and $E_2$, respectively, and let $K$ be a specification language. Construct the event set $E_k$ and the coordinator $G_k$ as follows:

(1) Set $E_k = E_1 \cap E_2$.

(2) Extend $E_k$ so that $K$ and $\overline{K}$ are conditionally decomposable.

(3) Define $G_k = P_k(G_1) \| P_k(G_2)$.

So far, the only known condition ensuring that the projected generator is smaller than the original one is the observer property. Therefore, we might need to add step (2b) to extend $E_k$ so that $P_k$ is also an $L(G_i)$-observer, for $i = 1,2$, cf. Definition 7.

3.1 Conditional controllability 

Conditional controllability was introduced in Komenda and van Schuppen (2008) and later studied in Komenda et al. (2011a,b, 2012b). In this paper, we revise and simplify this notion.

Definition 3. A language $K \subseteq L(G_1 \| G_2 \| G_k)$ is conditionally controllable for generators $G_1$, $G_2$, $G_k$ and uncontrollable event sets $E_{1,u}$, $E_{2,u}$, $E_{k,u}$ if

(1) $P_k(K)$ is controllable wrt $L(G_k)$ and $E_{k,u}$,

(2) $P_{1+k}(K)$ is controllable wrt $L(G_1) \| \overline{P_k(K)}$ and $E_{1+k,u}$,

(3) $P_{2+k}(K)$ is controllable wrt $L(G_2) \| \overline{P_k(K)}$ and $E_{2+k,u}$,

where $E_{i+k,u} = (E_i \cup E_k) \cap E_u$, $i = 1,2$.

The following result shows that every conditionally controllable and conditionally decomposable language is controllable.

Proposition 4. Let $G_i$ be a generator over $E_i$, $i = 1,2,k$, and let $G = G_1 \| G_2 \| G_k$. Let $K \subseteq L_m(G)$ be such that $\overline{K}$ is conditionally decomposable wrt $E_1$, $E_2$, $E_k$, and conditionally controllable for generators $G_1$, $G_2$, $G_k$ and uncontrollable event sets $E_{1,u}$, $E_{2,u}$, $E_{k,u}$. Then, $K$ is controllable with respect to $L(G)$ and $E_u$.

Proof. As $P_{1+k}(K)$ is controllable wrt $L(G_1) \| \overline{P_k(K)}$ and $E_{1+k,u}$, and $P_{2+k}(K)$ is controllable wrt $L(G_2) \| \overline{P_k(K)}$ and $E_{2+k,u}$, Lemma 24 implies that $\overline{K} = \overline{P_{1+k}(K)} \| \overline{P_{2+k}(K)}$ is controllable wrt $L(G_1) \| \overline{P_k(K)} \| L(G_2) \| \overline{P_k(K)} = L(G) \| \overline{P_k(K)}$ and $E_u$, where the equality is by the commutativity of the synchronous product and the fact that $\overline{P_k(K)} \subseteq L(G_k)$. As $P_k(K)$ is controllable wrt $L(G_k)$ and $E_{k,u}$, by Definition 3, $L(G) \| \overline{P_k(K)}$ is controllable wrt $L(G) \| L(G_k) = L(G)$ by Lemma 24. By Lemma 25, $\overline{K}$ is controllable wrt $L(G)$ and $E_u$. However, this means that $K$ is controllable wrt $L(G)$ and $E_u$, which was to be shown. □

On the other hand, controllability does not imply conditional controllability.

Example 5. Let $L(G) = \overline{\{au\}} \| \overline{\{bu\}} = \overline{\{abu, bau\}}$. Then $K = \{a\}$ is controllable wrt $L(G)$ and $E_u = \{u\}$. Both $K$ and $\overline{K}$ are conditionally decomposable wrt event sets $\{a, u\}$, $\{b, u\}$, and $\{u\}$, and $P_k(K) = \{\varepsilon\}$ is not controllable wrt $\overline{\{u\}}$ and $\{u\}$. $\triangleleft$
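
Conditional decomposability (Example 1) and conditional controllability (Definition 3, Example 5) can both be checked mechanically on finite languages. The Python sketch below is an added illustration, not code from the paper or from libFAUDES; it represents words as tuples of event names, and every function name in it is a hypothetical helper.

```python
# Added illustration: finite languages are sets of words, words are tuples of
# event names. All helper names are hypothetical; none is a libFAUDES call.

def words(*ws):
    """Build a language from space-separated words ('' is the empty word)."""
    return {tuple(w.split()) for w in ws}

def closure(lang):
    """Prefix closure of a finite language."""
    return {w[:i] for w in lang for i in range(len(w) + 1)}

def project(lang, alphabet):
    """Natural projection: erase every event outside `alphabet`."""
    return {tuple(e for e in w if e in alphabet) for w in lang}

def _sync_words(u, v, e1, e2):
    """Synchronous product of two single words u (over e1) and v (over e2)."""
    if not u and not v:
        return {()}
    out = set()
    if u and u[0] not in e2:            # private move of component 1
        out |= {(u[0],) + w for w in _sync_words(u[1:], v, e1, e2)}
    if v and v[0] not in e1:            # private move of component 2
        out |= {(v[0],) + w for w in _sync_words(u, v[1:], e1, e2)}
    if u and v and u[0] == v[0]:        # shared event: both move together
        out |= {(u[0],) + w for w in _sync_words(u[1:], v[1:], e1, e2)}
    return out

def sync(l1, e1, l2, e2):
    """L1 || L2 for finite languages L1 over e1 and L2 over e2."""
    return {w for u in l1 for v in l2 for w in _sync_words(u, v, e1, e2)}

def cond_decomposable(k, e1, e2, ek):
    """K = P_{1+k}(K) || P_{2+k}(K)."""
    e1k, e2k = e1 | ek, e2 | ek
    return k == sync(project(k, e1k), e1k, project(k, e2k), e2k)

def controllable(k, plant, eu):
    """closure(K) E_u intersected with the plant stays inside closure(K)."""
    kbar = closure(k)
    return all(s + (u,) in kbar
               for s in kbar for u in eu if s + (u,) in plant)

def cond_controllable(k, l1, e1, l2, e2, lk, ek, eu):
    """Conditions (1)-(3) of Definition 3, returned as three booleans."""
    e1k, e2k = e1 | ek, e2 | ek
    pk_bar = closure(project(k, ek))
    return (
        controllable(project(k, ek), lk, eu & ek),
        controllable(project(k, e1k), sync(l1, e1, pk_bar, ek), eu & e1k),
        controllable(project(k, e2k), sync(l2, e2, pk_bar, ek), eu & e2k),
    )

def example_1():
    """Decomposability of K, closure(K), L, closure(L) from Example 1."""
    e1, e2, ek = {"a1", "b1", "a", "b"}, {"a2", "b2", "a", "b"}, {"a", "b"}
    k = words("a1 a2 a", "a2 a1 a", "b1 b2 b", "b2 b1 b")
    f1, f2, fk = {"a", "c"}, {"b", "c"}, {"c"}
    lang = words("", "a b", "b a", "a b c", "b a c")
    return (cond_decomposable(k, e1, e2, ek),
            cond_decomposable(closure(k), e1, e2, ek),
            cond_decomposable(lang, f1, f2, fk),
            cond_decomposable(closure(lang), f1, f2, fk))

def example_5():
    """K = {a} is controllable but fails condition (1) of Definition 3."""
    e1, e2, ek, eu = {"a", "u"}, {"b", "u"}, {"u"}, {"u"}
    l1, l2 = closure(words("a u")), closure(words("b u"))
    lk = closure(words("u"))            # coordinator language from Example 5
    k = words("a")
    plant = sync(l1, e1, l2, e2)        # L(G) = closure({abu, bau})
    return (controllable(k, plant, eu),
            cond_decomposable(k, e1, e2, ek),
            cond_decomposable(closure(k), e1, e2, ek),
            cond_controllable(k, l1, e1, l2, e2, lk, ek, eu))

if __name__ == "__main__":
    print(example_1())   # (True, False, False, True)
    print(example_5())   # (True, True, True, (False, True, True))
```

The enumeration is exponential in word length and only suits small finite languages; the polynomial-time automata-based checks are the ones cited from Komenda et al. (2012a).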

However, if the observer and local control consistency (LCC) properties are satisfied, this implication also holds. To prove this, we need the following two definitions, cf. Schmidt and Breindl (2011); Wong and Wonham (1996), respectively.

Definition 6. Let $L \subseteq E^*$ be a prefix-closed language, and let $E_0 \subseteq E$. The projection $P_0 : E^* \to E_0^*$ is locally control consistent (LCC) with respect to $s \in L$ if for all $\sigma_u \in E_0 \cap E_u$ such that $P_0(s)\sigma_u \in P_0(L)$, it holds that either there does not exist any $u \in (E \setminus E_0)^*$ such that $su\sigma_u \in L$, or there exists $u \in (E_u \setminus E_0)^*$ such that $su\sigma_u \in L$. The projection $P_0$ is LCC with respect to a language $L$ if $P_0$ is LCC for all $s \in L$.

Definition 7. The projection $P_k : E^* \to E_k^*$, where $E_k \subseteq E$, is an $L$-observer for a language $L \subseteq E^*$ if, for all words $t \in P_k(L)$ and $s \in \overline{L}$, $P_k(s)$ is a prefix of $t$ implies that there exists $u \in E^*$ such that $su \in L$ and $P_k(su) = t$.

Proposition 8. Let $L \subseteq E^*$ be a prefix-closed language, and let $K \subseteq L$ be a language such that $\overline{K}$ is controllable with respect to $L$ and $E_u$. If $P_i$ is an $L$-observer, for $i \in \{k, 1+k, 2+k\}$, and LCC for $L$, then $\overline{K}$ is conditionally controllable.

Proof. (1) Let $s \in P_k(\overline{K})$, $a \in E_{k,u}$, and $sa \in P_k(L)$. Then, there exists $w \in \overline{K}$ such that $P_k(w) = s$. By the observer property, there exists $u \in (E \setminus E_k)^*$ such that $wua \in L$ and $P_k(wua) = sa$. By LCC, there exists $u' \in (E_u \setminus E_k)^*$ such that $wu'a \in L$, that is, $wu'a \in \overline{K}$ by the controllability. Hence $sa \in P_k(\overline{K})$. (2) Let $s \in P_{1+k}(\overline{K})$, $a \in E_{1+k,u}$, and $sa \in L(G_1) \| P_k(\overline{K})$. Then, there exists $w \in \overline{K}$ such that $P_{1+k}(w) = s$. By the observer property, there exists $u \in (E \setminus E_{1+k})^*$ such that $wua \in L$ and $P_{1+k}(wua) = sa$. By LCC, there exists $u' \in (E_u \setminus E_{1+k})^*$ such that $wu'a \in L$, that is, $wu'a \in \overline{K}$ by controllability. Hence $sa \in P_{1+k}(\overline{K})$. □

For a generator $G$ with $n$ states, the time and space complexity of the verification whether $P$ is an $L(G)$-observer is $O(n^2)$, see Pena et al. (2008). An algorithm extending the event set to satisfy the property runs in time $O(n^3)$ and linear space. The most significant consequence of the observer property is the following theorem.

Theorem 9. (Wong (1998)). If a projection $P$ is an $L(G)$-observer, for a generator $G$, then the minimal generator for the language $P(L(G))$ has no more states than $G$.

3.2 Conditionally closed languages 

Analogously to the notion of $L_m(G)$-closed languages, we define the notion of conditionally closed languages.

Definition 10. A language $\emptyset \neq K \subseteq E^*$ is conditionally closed for generators $G_1$, $G_2$, $G_k$ if

(1) $P_k(K)$ is $L_m(G_k)$-closed,

(2) $P_{1+k}(K)$ is $L_m(G_1) \| P_k(K)$-closed,

(3) $P_{2+k}(K)$ is $L_m(G_2) \| P_k(K)$-closed.

If $K$ is conditionally closed and conditionally controllable, then there exists a nonblocking supervisor $S_k$ such that $L_m(S_k/G_k) = P_k(K)$, which follows from the basic theorem of supervisory control applied to $P_k(K)$ and $L(G_k)$, see Cassandras and Lafortune (2008).

As noted in (Cassandras and Lafortune, 2008, page 164), if $K \subseteq L_m(G)$ is $L_m(G)$-closed, then so is the supremal controllable sublanguage of $K$. However, this does not imply that $P_k(K)$ is $L_m(G_k)$-closed, for $G = G_1 \| G_2 \| G_k$ such that $G_k$ makes $G_1$ and $G_2$ conditionally independent.

Example 11. Let $E_1 = \{a_1, a\}$, $E_2 = \{a_2, a\}$, $E_k = \{a\}$, and $K = \{a_1 a_2 a, a_2 a_1 a\}$. Then, $P_{1+k}(K) = \{a_1 a\}$, $P_{2+k}(K) = \{a_2 a\}$, $P_k(K) = \{a\}$, and $K = P_{1+k}(K) \| P_{2+k}(K)$. Define the generators $G_1$, $G_2$, $G_k$ so that $L_m(G_1) = P_{1+k}(K)$, $L_m(G_2) = P_{2+k}(K)$, and $L_m(G_k) = \overline{P_k(K)} = \{\varepsilon, a\}$. Then, $L_m(G) = K$ and $K$ is $L_m(G)$-closed. However, $P_k(K) \subseteq \overline{P_k(K)}$ is not $L_m(G_k)$-closed. $\triangleleft$

3.3 Coordination control synthesis 

The following theorem is a simplified version of a result presented without proof in Komenda et al. (2011a).

Theorem 12. Consider the setting of Problem 2. There exist nonblocking supervisors $S_1$, $S_2$, $S_k$ such that

$$L_m(S_1/[G_1 \| (S_k/G_k)]) \,\|\, L_m(S_2/[G_2 \| (S_k/G_k)]) = K \qquad (1)$$

if and only if the specification language $K$ is both conditionally controllable wrt generators $G_1$, $G_2$, $G_k$ and event sets $E_{1,u}$, $E_{2,u}$, $E_{k,u}$, and conditionally closed wrt $G_1$, $G_2$, $G_k$.

Proof. Let $K$ satisfy the assumptions, and let $G = G_1 \| G_2 \| G_k$. As $K \subseteq L_m(G)$, $P_k(K) \subseteq L_m(G_k)$. By the assumption, $P_k(K)$ is $L_m(G_k)$-closed and controllable wrt $L(G_k)$ and $E_{k,u}$. By Ramadge and Wonham (1987), there exists a nonblocking supervisor $S_k$ such that $L_m(S_k/G_k) = P_k(K)$. As $P_{1+k}(K) \subseteq L_m(G_1 \| G_k)$ and $P_{1+k}(K) \subseteq (P_k^{1+k})^{-1} P_k(K)$, we have $P_{1+k}(K) \subseteq L_m(G_1) \| P_k(K)$. These relations and the assumption that the system is conditionally controllable and conditionally closed imply the existence of a nonblocking supervisor $S_1$ such that $L_m(S_1/[G_1 \| (S_k/G_k)]) = P_{1+k}(K)$. A similar argument shows that there exists a nonblocking supervisor $S_2$ such that $L_m(S_2/[G_2 \| (S_k/G_k)]) = P_{2+k}(K)$. As the languages $K$ and $\overline{K}$ are conditionally decomposable, $L_m(S_1/[G_1 \| (S_k/G_k)]) \| L_m(S_2/[G_2 \| (S_k/G_k)]) = P_{1+k}(K) \| P_{2+k}(K) = K$.

To prove the converse implication, $P_k$, $P_{1+k}$, $P_{2+k}$ are applied to (1), which can be rewritten as $K = L_m(S_1 \| G_1 \| S_2 \| G_2 \| S_k \| G_k)$. Thus, $P_k(K) = P_k(L_m(S_1 \| G_1 \| S_2 \| G_2 \| S_k \| G_k)) \subseteq L_m(S_k \| G_k) = L_m(S_k/G_k)$. On the other hand, $L_m(S_k/G_k) \subseteq P_k(K)$, cf. Problem 2. Hence, by the basic controllability theorem, $P_k(K)$ is controllable wrt $L(G_k)$ and $E_{k,u}$, and $L_m(G_k)$-closed. As $E_{1+k} \cap E_{2+k} = E_k$, the application of $P_{1+k}$ to (1) and Lemma 26 give that $P_{1+k}(K) \subseteq L_m(S_1/[G_1 \| (S_k/G_k)]) \subseteq P_{1+k}(K)$. Taking $G_1 \| (S_k/G_k)$ as a new plant, we get that $P_{1+k}(K)$ is controllable wrt $L(G_1 \| (S_k/G_k))$ and $E_{1+k,u}$, and that it is $L_m(G_1 \| (S_k/G_k))$-closed. The case of $P_{2+k}$ is analogous. □

4. SUPREMAL CONDITIONALLY CONTROLLABLE SUBLANGUAGES

Let $\mathrm{supcC}(K, L, (E_{1,u}, E_{2,u}, E_{k,u}))$ denote the supremal conditionally controllable sublanguage of $K$ with respect to $L = L(G_1 \| G_2 \| G_k)$ and sets of uncontrollable events $E_{1,u}$, $E_{2,u}$, $E_{k,u}$. The supremal conditionally controllable sublanguage always exists, cf. Komenda et al. (2011b) for the case of prefix-closed languages.

Theorem 13. The supremal conditionally controllable sublanguage of a given language $K$ always exists and is equal to the union of all conditionally controllable sublanguages of $K$.

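Proof. Let $I$ be an index set, and let $K_i$, for $i \in I$, be conditionally controllable sublanguages of $K \subseteq L(G_1 \| G_2 \| G_k)$. To prove that $P_k(\bigcup_{i \in I} K_i)$ is controllable wrt $L(G_k)$ and $E_{k,u}$, note that $P_k(\overline{\bigcup_{i \in I} K_i}) E_{k,u} \cap L(G_k) = \bigcup_{i \in I} (P_k(\overline{K_i}) E_{k,u} \cap L(G_k)) \subseteq \bigcup_{i \in I} P_k(\overline{K_i}) = P_k(\overline{\bigcup_{i \in I} K_i})$, where the inclusion is by controllability of $P_k(K_i)$ wrt $L(G_k)$ and $E_{k,u}$. Next, to prove that $P_{1+k}(\overline{\bigcup_{i \in I} K_i}) E_{1+k,u} \cap L(G_1) \| P_k(\overline{\bigcup_{i \in I} K_i}) \subseteq P_{1+k}(\overline{\bigcup_{i \in I} K_i})$, note that

$$P_{1+k}(\overline{\textstyle\bigcup_{i \in I} K_i}) E_{1+k,u} \cap L(G_1) \| P_k(\overline{\textstyle\bigcup_{i \in I} K_i})$$
$$= \bigcup_{i \in I} (P_{1+k}(\overline{K_i}) E_{1+k,u}) \cap \bigcup_{i \in I} (L(G_1) \| P_k(\overline{K_i}))$$
$$= \bigcup_{i \in I} \bigcup_{j \in I} (P_{1+k}(\overline{K_i}) E_{1+k,u} \cap L(G_1) \| P_k(\overline{K_j})).$$

Consider different indexes $i, j \in I$ such that $P_{1+k}(\overline{K_i}) E_{1+k,u} \cap L(G_1) \| P_k(\overline{K_j}) \not\subseteq P_{1+k}(\overline{\bigcup_{i \in I} K_i})$. Then, there exist $x \in P_{1+k}(\overline{K_i})$ and $u \in E_{1+k,u}$ such that $xu \in L(G_1) \| P_k(\overline{K_j})$, and $xu \notin P_{1+k}(\overline{\bigcup_{i \in I} K_i})$. It follows that $P_k(x) \in P_k(\overline{K_i})$ and $P_k(xu) \in P_k(\overline{K_j})$. If $P_k(xu) \in P_k(\overline{K_i})$, then $xu \in L(G_1) \| P_k(\overline{K_i})$, and controllability of $P_{1+k}(K_i)$ wrt $L(G_1) \| P_k(\overline{K_i})$ implies that $xu \in P_{1+k}(\overline{\bigcup_{i \in I} K_i})$; hence $P_k(xu) \notin P_k(\overline{K_i})$. If $u \notin E_{k,u}$, then $P_k(xu) = P_k(x) \in P_k(\overline{K_i})$, which is not the case. Thus, $u \in E_{k,u}$. As $P_k(\overline{K_i}) \cup P_k(\overline{K_j}) \subseteq L(G_k)$, we get that $P_k(xu) = P_k(x)u \in L(G_k)$. However, controllability of $P_k(K_i)$ wrt $L(G_k)$ and $E_{k,u}$ implies that $P_k(xu) \in P_k(\overline{K_i})$. This is a contradiction. As the case for $P_{2+k}$ is analogous, the proof is complete. □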

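Consider the setting of Problem 2, and define the languages

$$\mathrm{supC}_k = \mathrm{supC}(P_k(K), L(G_k), E_{k,u}),$$
$$\mathrm{supC}_{1+k} = \mathrm{supC}(P_{1+k}(K), L(G_1) \| \overline{\mathrm{supC}_k}, E_{1+k,u}), \qquad (*)$$
$$\mathrm{supC}_{2+k} = \mathrm{supC}(P_{2+k}(K), L(G_2) \| \overline{\mathrm{supC}_k}, E_{2+k,u}).$$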

The following inclusion always holds. 

Lemma 14. Consider the setting of Problem 2, and the languages defined in (*). Then, $P_k(\mathrm{supC}_{i+k}) \subseteq \mathrm{supC}_k$, for $i = 1,2$.

Proof. By definition, $P_k(\mathrm{supC}_{i+k}) \subseteq \overline{\mathrm{supC}_k}$ and $P_k(\mathrm{supC}_{i+k}) \subseteq P_k(K)$. To prove that $\overline{\mathrm{supC}_k} \cap P_k(K)$ is a subset of $\mathrm{supC}_k$, it is sufficient to show that $\overline{\mathrm{supC}_k} \cap P_k(K)$ is controllable with respect to $L(G_k)$ and $E_{k,u}$. Thus, assume that $s \in \overline{\overline{\mathrm{supC}_k} \cap P_k(K)}$, $u \in E_{k,u}$, and $su \in L(G_k)$. By controllability of $\mathrm{supC}_k$, $su \in \overline{\mathrm{supC}_k} \subseteq \overline{P_k(K)}$, that is, there exists $v$ such that $suv \in \mathrm{supC}_k \subseteq P_k(K)$. This means that $suv \in \overline{\mathrm{supC}_k} \cap P_k(K)$, which implies that $su \in \overline{\overline{\mathrm{supC}_k} \cap P_k(K)}$. This completes the proof. □

If also the opposite inclusion holds, then we immediately have the supremal conditionally-controllable sublanguage.

Theorem 15. Consider the setting of Problem 2, and the languages defined in (*). If $\mathrm{supC}_k \subseteq P_k(\mathrm{supC}_{i+k})$, for $i = 1,2$, then $\mathrm{supC}_{1+k} \| \mathrm{supC}_{2+k} = \mathrm{supcC}(K, L, (E_{1,u}, E_{2,u}, E_{k,u}))$.

Proof. Let $\mathrm{supcC} = \mathrm{supcC}(K, L, (E_{1,u}, E_{2,u}, E_{k,u}))$ and $M = \mathrm{supC}_{1+k} \| \mathrm{supC}_{2+k}$. To prove $M \subseteq \mathrm{supcC}$, we show that (i) $M \subseteq K$ and (ii) $M$ is conditionally controllable wrt $G_1$, $G_2$, $G_k$ and $E_{1,u}$, $E_{2,u}$, $E_{k,u}$. To this aim, $M = \mathrm{supC}_{1+k} \| \mathrm{supC}_{2+k} \subseteq P_{1+k}(K) \| P_{2+k}(K) = K$ because $K$ is conditionally decomposable. Moreover, $P_k(M) = P_k(\mathrm{supC}_{1+k}) \cap P_k(\mathrm{supC}_{2+k}) = \mathrm{supC}_k$, which is controllable wrt $L(G_k)$ and $E_{k,u}$. Similarly, $P_{i+k}(M) = \mathrm{supC}_{i+k} \| P_k(\mathrm{supC}_{j+k}) = \mathrm{supC}_{i+k} \| \mathrm{supC}_k = \mathrm{supC}_{i+k}$, for $j \neq i$, by Lemma 14, which is controllable wrt $L(G_i) \| \overline{P_k(M)}$. Hence, $M \subseteq \mathrm{supcC}$.

To prove the opposite inclusion, by Lemma 27, it is sufficient to show that $P_{i+k}(\mathrm{supcC}) \subseteq \mathrm{supC}_{i+k}$, for $i = 1,2$. To prove this, note that $P_{1+k}(\mathrm{supcC})$ is controllable wrt $L(G_1) \| \overline{P_k(\mathrm{supcC})}$ and $E_{1+k,u}$, and $L(G_1) \| \overline{P_k(\mathrm{supcC})}$ is controllable wrt $L(G_1) \| \overline{\mathrm{supC}_k}$ and $E_{1+k,u}$ by Lemma 24 because $P_k(\mathrm{supcC})$ being controllable wrt $L(G_k)$ implies it is controllable wrt $\overline{\mathrm{supC}_k} \subseteq L(G_k)$ and $E_{k,u}$. By Lemma 25, $P_{1+k}(\mathrm{supcC})$ is controllable wrt $L(G_1) \| \overline{\mathrm{supC}_k}$ and $E_{1+k,u}$, which implies that $P_{1+k}(\mathrm{supcC}) \subseteq \mathrm{supC}_{1+k}$. The other case is analogous. Hence, $\mathrm{supcC} \subseteq M$ and the proof is complete. □

Example 16. This example shows that the inclusion $\mathrm{supC}_k \subseteq P_k(\mathrm{supC}_{i+k})$ does not hold in general. Moreover, it shows that it does not hold even if the projections are observers or satisfy the LCC property. Consider two systems $G_1$, $G_2$, and the specification $K$ as shown in Fig. 1. The controllable events are $E_c = \{a_1, a_2, c\}$, and the coordinator events are $E_k = \{a_1, a_2, c, u\}$. Construct the coordinator $G_k = P_k(G_1) \| P_k(G_2)$. It can be verified that $K$ is conditionally decomposable, $\mathrm{supC}_k = \{a_1 a_2, a_2 a_1\}$, $\mathrm{supC}_{1+k} = \{a_2 a_1 u_1\}$, and $\mathrm{supC}_{2+k} = \{a_1 a_2 u_2\}$. Hence, $\mathrm{supC}_k \not\subseteq P_k(\mathrm{supC}_{i+k})$. It can also be verified that the projections $P_k$, $P_{1+k}$, $P_{2+k}$ are $L(G_1 \| G_2)$-observers and LCC for $L(G_1 \| G_2)$. $\triangleleft$

Fig. 1. Generators $G_1$, $G_2$, and the specification.

Proposition 17. Consider the languages of (*). Let the number of states of the supervisor $\mathrm{supC}_k$ be $n$ and the number of states of supervisors $\mathrm{supC}_{i+k}$ be $n_i$. There is an $O(n \cdot n_i)$ algorithm deciding whether $\mathrm{supC}_k \subseteq P_k(\mathrm{supC}_{i+k})$, for $i = 1,2$.

Proof. Consider a nondeterministic finite automaton, cf. Sipser (1997), for the language $P_k(\mathrm{supC}_{i+k})$ constructed from the generator for $\mathrm{supC}_{i+k}$ by replacing projected events with $\varepsilon$, and a deterministic finite automaton for the complement of $\mathrm{supC}_k$. These automata are constructed in time linear wrt the number of states. Verifying that $P_k(\mathrm{supC}_{i+k}) \cap \text{co-}(\mathrm{supC}_k) = \emptyset$ by checking reachability of a marked state in the product automaton takes time $O(n \cdot n_i)$; here "co-" stands for the complement. □

Note that if we have any specification $K$ which is conditionally decomposable, then the specification $K \| L$ is also conditionally decomposable. The opposite is not true.

Lemma 18. Let $K$ be conditionally decomposable with respect to event sets $E_1$, $E_2$, $E_k$, and let $L = L_1 \| L_2 \| L_k$, where $L_i \subseteq E_i^*$, for $i = 1,2,k$. Then, $K \| L$ is conditionally decomposable with respect to event sets $E_1$, $E_2$, $E_k$.




Fig. 2. Generators $G_i$, $i = 1,2,3$.

Fig. 3. The specification $K$.

Fig. 4. The coordinator $G_k$, where $\mathrm{supC}_k = G_k$.

Fig. 5. Supervisors $\mathrm{supC}_{1+k}$, $\mathrm{supC}_{2+k}$, and $\mathrm{supC}_{3+k}$.

Example 19. Database transactions are examples of discrete-event systems that need to be controlled to avoid incorrect behaviors. Our model of a transaction to the database is a sequence of request ($r$), access ($a$), and exit ($e$) operations. Usually, several (but a limited number of) users access the database, which can lead to inconsistencies when executed concurrently because not all the interleavings of operations give a correct behavior. We consider the case of three users with events $r_i$, $a_i$, $e_i$, $i = 1,2,3$. All possible schedules are given by the language of the plant $G = G_1 \| G_2 \| G_3$ over the event set $E = \{r_1, r_2, r_3, a_1, a_2, a_3, e_1, e_2, e_3\}$, where $G_1$, $G_2$, $G_3$ are defined as in Fig. 2, and the set of controllable events is $E_c = \{a_1, a_2, a_3\}$. The specification language $K$, depicted in Fig. 3, describes the correct behavior consisting in finishing the transaction in the exit stage before another transaction can proceed to the exit phase. For $E_k = \{a_1, a_2, a_3\}$ and the coordinator $G_k = P_k(G_1) \| P_k(G_2) \| P_k(G_3)$, we can compute $\mathrm{supC}_k$, see Fig. 4, and $\mathrm{supC}_{1+k}$, $\mathrm{supC}_{2+k}$, $\mathrm{supC}_{3+k}$, see Fig. 5, and verify that the assumptions of Theorem 15 are satisfied. The solution is optimal: the supremal conditionally-controllable sublanguage of $K$ coincides with the supremal controllable sublanguage of $K$. Moreover, independently of the size of the global plant, the local supervisors have only three states. $\triangleleft$

5. COORDINATOR FOR NONBLOCKINGNESS 

So far, we have only considered the coordinator for safety. In this section, we discuss the coordinator for nonblockingness. To this end, we first prove a fundamental theoretical result and then give an algorithm for the construction of a coordinator for nonblockingness.

Recall that a generator $G$ is nonblocking if $\overline{L_m(G)} = L(G)$.

Theorem 20. Consider languages $L_1 \subseteq E_1^*$ and $L_2 \subseteq E_2^*$, and let $P_0 : (E_1 \cup E_2)^* \to E_0^*$, with $E_1 \cap E_2 \subseteq E_0$, be an $L_i$-observer, for $i = 1,2$. Let $G_0$ be a nonblocking generator with $L_m(G_0) = P_0(L_1) \| P_0(L_2)$. Then $\overline{L_1 \| L_2 \| L_m(G_0)} = \overline{L_1} \| \overline{L_2} \| \overline{L_m(G_0)}$, that is, the system is nonblocking.

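Proof. Let $L = L_1 \| L_2 \| L_0 = (L_1 \| L_0) \| (L_2 \| L_0)$, where $L_0 = L_m(G_0)$. By Lemma 28, $\overline{(L_1 \| L_0) \| (L_2 \| L_0)} = \overline{(L_1 \| L_0)} \| \overline{(L_2 \| L_0)}$ if and only if it holds $\overline{P_0(L_1 \| L_0) \| P_0(L_2 \| L_0)} = \overline{P_0(L_1 \| L_0)} \| \overline{P_0(L_2 \| L_0)}$, because if $P_0$ is an $L_i$-observer, $i = 1,2$, and $P_0$ is an $L_0$-observer, $P_0$ is also an $L_i \| L_0$-observer by Pena et al. (2006). However, for our choice of the coordinator, this equality always holds because $\overline{P_0(L_1 \| L_0) \| P_0(L_2 \| L_0)} = \overline{L_0}$, and $\overline{P_0(L_1 \| L_0)} \| \overline{P_0(L_2 \| L_0)} = \overline{L_0} \| \overline{L_0} = \overline{L_0}$. It remains to show that $\overline{L_i \| L_0} = \overline{L_i} \| \overline{L_0}$, for $i = 1,2$. Using Lemma 28 again, we get that this holds if and only if $\overline{P_0(L_i \| L_0)} = \overline{P_0(L_i)} \| \overline{L_0}$. This always holds because $\overline{P_0(L_i \| L_0)} = \overline{L_0}$, and $\overline{P_0(L_i)} \| \overline{L_0} = \overline{P_0(L_i)} \| \overline{P_0(L_1) \| P_0(L_2)} = \overline{P_0(L_1) \| P_0(L_2)} = \overline{L_0}$ because $\overline{P_0(L_1) \| P_0(L_2)} \subseteq \overline{P_0(L_i)}$. □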

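Hence, for supervisors $\mathrm{supC}_{1+k}$ and $\mathrm{supC}_{2+k}$, we choose

$$C = P_0(\mathrm{supC}_{1+k}) \| P_0(\mathrm{supC}_{2+k}),$$

for the projection $P_0$ being a $\mathrm{supC}_{i+k}$-observer, for $i = 1,2$. Then, by Theorem 20,

$$\overline{\mathrm{supC}_{1+k} \| \mathrm{supC}_{2+k} \| C} = \overline{\mathrm{supC}_{1+k} \| \mathrm{supC}_{2+k}} = \overline{\mathrm{supC}_{1+k}} \| \overline{\mathrm{supC}_{2+k}} \| \overline{C},$$

thus $C$ is the language of a non-blocking coordinator.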

Algorithm 2. (Computation of a nonblocking coordinator). Consider the notation above.

(1) Compute $\mathrm{supC}_{1+k}$ and $\mathrm{supC}_{2+k}$ as defined in (*).

(2) If the projection $P_k$ is not a $\mathrm{supC}_{1+k}$-observer or not a $\mathrm{supC}_{2+k}$-observer, extend the event set $E_k$ so that $P_k$ is both a $\mathrm{supC}_{1+k}$- and a $\mathrm{supC}_{2+k}$-observer.

(3) Define the nonblocking coordinator as the minimal nonblocking generator for $C = P_k(\mathrm{supC}_{1+k}) \| P_k(\mathrm{supC}_{2+k})$.

6. SUPREMAL PREFIX-CLOSED LANGUAGES 

In this section, we revise the case of prefix-closed languages. Moreover, we use LCC instead of output control consistency (OCC), cf. Komenda et al. (2012b).

Theorem 21. Let $K \subseteq L = L(G_1 \| G_2 \| G_k)$ be a prefix-closed language, where $G_i$ is over $E_i$, $i = 1,2,k$. Assume that $K$ is conditionally decomposable, and define $\mathrm{supC}_k$, $\mathrm{supC}_{1+k}$, $\mathrm{supC}_{2+k}$ as in (*). Let $P_k^{i+k}$ be an $(P_i^{i+k})^{-1}(L(G_i))$-observer and LCC for $(P_i^{i+k})^{-1}(L(G_i))$, $i = 1,2$. Then, $\mathrm{supC}_{1+k} \| \mathrm{supC}_{2+k} = \mathrm{supcC}(K, L, (E_{1,u}, E_{2,u}, E_{k,u}))$.

Proof. Denote $\mathrm{supcC} = \mathrm{supcC}(K, L, (E_{1,u}, E_{2,u}, E_{k,u}))$, $M = \mathrm{supC}_{1+k} \| \mathrm{supC}_{2+k}$. It is shown in Komenda et al. (2012b) that $\mathrm{supcC} \subseteq M$ and $M \subseteq K$. To prove $P_k(M) E_{k,u} \cap L(G_k) \subseteq P_k(M)$, let $x \in P_k(M)$ and $a \in E_{k,u}$ be such that $xa \in L(G_k)$. To show $xa \in P_k(M) = P_k^{1+k}(\mathrm{supC}_{1+k}) \cap P_k^{2+k}(\mathrm{supC}_{2+k})$, there exists $w \in M$ such that $P_k(w) = x$, and it is shown in Komenda et al. (2012b) that there exists $u \in (E_1 \setminus E_k)^*$ such that $P_{1+k}(w)ua \in (P_1^{1+k})^{-1}(L(G_1))$ and $P_{1+k}(w) \in L(G_1) \| \mathrm{supC}_k$. As $P_k^{1+k}$ is LCC for $(P_1^{1+k})^{-1}(L(G_1))$, there exists $u' \in (E_u \setminus E_k)^*$ such that $P_{1+k}(w)u'a \in (P_1^{1+k})^{-1}(L(G_1))$. The controllability of $\mathrm{supC}_{1+k}$ then implies $P_{1+k}(w)u'a \in \mathrm{supC}_{1+k}$, i.e., $xa \in P_k^{1+k}(\mathrm{supC}_{1+k})$. Analogously, $xa \in P_k^{2+k}(\mathrm{supC}_{2+k})$. Thus, $xa \in P_k(M)$. The rest of the proof is the same as in Komenda et al. (2012b). □

The conditions of Theorem 21 imply that $P_k$ is LCC for $L$.



Lemma 22. Let $L(G_i) \subseteq E_i^*$, $i = 1,2$, $E = E_1 \cup E_2$, and let $P_i : E^* \to E_i^*$, $i = 1,2,k$ and $E_k \subseteq E$, be projections. If $E_1 \cap E_2 \subseteq E_k$ and $P_k^{i+k}$ is LCC for $(P_i^{i+k})^{-1}(L(G_i))$, $i = 1,2$, then $P_k$ is LCC for $L = L(G_1 \| G_2 \| G_k)$.

Proof. For $s \in L$ and $\sigma_u \in E_{k,u}$, assume that there exists $u \in (E \setminus E_k)^*$ such that $su\sigma_u \in L$. Then, $P_{i+k}(su\sigma_u) = P_{i+k}(s) P_{i+k}(u) \sigma_u \in (P_i^{i+k})^{-1}(L(G_i))$ implies that there exists $v_i \in (E_{i+k,u} \setminus E_k)^*$, $i = 1,2$, such that $P_{i+k}(s) v_i \sigma_u \in (P_i^{i+k})^{-1}(L(G_i))$. As $P_k(v_i) = \varepsilon$, $P_i(v_i) = v_i$, we get $P_i(s) P_i(v_i) P_i(\sigma_u) \in L(G_i)$, $i = 1,2,k$. Consider $u' \in \{v_1\} \| \{v_2\}$. Then $P_i(u') = v_i$ and, thus, $su'\sigma_u \in L$. Moreover, $u' \in (E_u \setminus E_k)^*$. □

It is an open problem how to verify that $P_{i+k}$ is LCC for $L$ without computing the whole plant.

Theorem 23. Consider the setting of Theorem 21. If, in addition, $L(G_k) \subseteq P_k(L)$ and $P_{i+k}$ is LCC for $L$, for $i = 1,2$, then $\mathrm{supC}(K, L, E_u) = \mathrm{supcC}(K, L, (E_{1,u}, E_{2,u}, E_{k,u}))$.

Proof. It was shown in Komenda et al. (2012b) that $P_k$ is an $L$-observer. By Lemma 22, $P_k$ is LCC for $L$. Denote $\mathrm{supC} = \mathrm{supC}(K, L, E_u)$. We prove that $P_k(\mathrm{supC})$ is controllable wrt $L(G_k)$. Assume $t \in P_k(\mathrm{supC})$, $a \in E_{k,u}$, and $ta \in L(G_k) \subseteq P_k(L)$. We proved in Komenda et al. (2012b) that there exists $s \in \mathrm{supC}$ and $u \in (E \setminus E_k)^*$ such that $sua \in L$ and $P_k(sua) = ta$. By the LCC property of $P_k$, there exists $u' \in (E_u \setminus E_k)^*$ such that $su'a \in L$. By controllability of $\mathrm{supC}$ wrt $L$, $su'a \in \mathrm{supC}$, i.e., $P_k(su'a) = ta \in P_k(\mathrm{supC})$. Thus, (1) of Definition 3 holds. By Komenda et al. (2012b), $P_{i+k}$ is an $L$-observer, for $i = 1,2$. To prove (2) of Definition 3, assume that $t \in P_{i+k}(\mathrm{supC})$, $1 \le i \le 2$, $a \in E_{i+k,u}$, and $ta \in L(G_i) \| P_k(\mathrm{supC})$. We proved in Komenda et al. (2012b) that there exists $s \in \mathrm{supC}$ and $u \in (E \setminus E_k)^*$ such that $sua \in L$ and $P_{i+k}(sua) = ta$. As $P_{i+k}$ is LCC for $L$, there exists $u' \in (E_u \setminus E_{i+k})^*$ such that $su'a \in L$. Then, the controllability of $\mathrm{supC}$ wrt $L$ implies that $su'a \in \mathrm{supC}$, that is, $P_{i+k}(su'a) = ta \in P_{i+k}(\mathrm{supC})$. The other inclusion is the same as in Komenda et al. (2012b). □

7. CONCLUSION 

We have revised, simplified, and extended the coordination control scheme for discrete-event systems. These results have been used, for the case of prefix-closed languages, in the implementation of the coordination control plug-in for libFAUDES. Note that a general procedure for the computation of supremal conditionally-controllable sublanguages is still missing. This requires further investigation.

AUXILIARY RESULTS 

Lemma 24. (Proposition 4.6, Feng (2007)). Let $L_i \subseteq E_i^*$, $i = 1,2$, be prefix-closed languages, and let $K_i \subseteq L_i$ be controllable with respect to $L_i$ and $E_{i,u}$, $E = E_1 \cup E_2$. If $K_1$ and $K_2$ are synchronously nonconflicting, then $K_1 \| K_2$ is controllable with respect to $L_1 \| L_2$ and $E_u$.

Lemma 25. (Komenda et al. (2012b)). Let $K \subseteq L \subseteq M$ be languages over $E$ such that $K$ is controllable with respect to $\overline{L}$ and $E_u$, and $L$ is controllable with respect to $\overline{M}$ and $E_u$. Then, $K$ is controllable with respect to $\overline{M}$ and $E_u$.

Lemma 26. (Wonham (2011)). Let $P_k : E^* \to E_k^*$, $L_i \subseteq E_i^*$, $E_i \subseteq E$, $i = 1,2$, $E_k \supseteq E_1 \cap E_2$. Then, $P_k(L_1 \| L_2) = P_k(L_1) \| P_k(L_2)$.

Lemma 27. (Komenda et al. (2012b)). Let $L_i \subseteq E_i^*$, $i = 1,2$, and $P_i : (E_1 \cup E_2)^* \to E_i^*$. Let $A \subseteq (E_1 \cup E_2)^*$ be a language such that $P_1(A) \subseteq L_1$ and $P_2(A) \subseteq L_2$. Then $A \subseteq L_1 \| L_2$.

Lemma 28. (Pena et al. (2006)). Let $L_i \subseteq E_i^*$, $i = 1,2$, and let $E_1 \cap E_2 \subseteq E_0$. If $P_{i,0} : E_i^* \to (E_i \cap E_0)^*$ is an $L_i$-observer, $i = 1,2$, then $\overline{L_1 \| L_2} = \overline{L_1} \| \overline{L_2}$ iff $\overline{P_{1,0}(L_1) \| P_{2,0}(L_2)} = \overline{P_{1,0}(L_1)} \| \overline{P_{2,0}(L_2)}$.